Sectrio

Healthcare

Understanding the significance of the latest “cyberattack” on AIIMS

Deciphering the latest attack on AIIMS    

In the latest edition of our threat landscape report, Sectrio’s threat researchers conducted a comprehensive analysis of the Indian cyber threat landscape, the actors, tactics, malware, and enablers. The report also highlighted the alarming levels of sophistication and maturity demonstrated by state-backed hackers that are targeting Indian critical infrastructure, businesses, and financial services infrastructure. The findings of the report paint a realistic picture of how fast things are changing in cyberspace vis-à-vis threats, breach tactics, and targets.

In this piece, we will look at how and why some of the institutions in India are being repeatedly stalked and targeted in cyberspace. We recommend that this article be read in conjunction with the threat report to gain a complete understanding and context of the data presented here.

As per the data trail left by hackers, Indian cyberspace has been extensively targeted since 2011. In that year, a couple of significant events were recorded here that were unprecedented in magnitude and portended the scale of events to come. Since 2011, threat actors have expanded their presence in the country while scaling up their operations to cover more sectors and profiles of persons of interest. In addition to critical infrastructure, several of the procurement and production cycles of many vendors connected with defense supply chains, high-end manufacturing, and government agencies are also being targeted.

The AIIMS attack is certainly not an isolated one. Here are a few significant cyber incidents that occurred in the last few years.

What really happened at AIIMS?

As per media reports on the incident, a cyber breach has been ruled out and the incident involved “someone trying to access E-hospital, an internal application” belonging to the premier healthcare institute. It is also said that the application is not accessible from the Internet. In subsequent reports, however, it was claimed that there was an incident involving a weakened server.

The questions that arise are:

When one puts together the publicly available information above, a clearer picture of the attack emerges. At a primary level, the latest cyberattack on AIIMS is designed to send a message: “The hackers can strike at will even at targets that have been breached before and have since been hardened”.

This attack also seems to have been carried out using data that was exfiltrated during the last attack and has since possibly been shared with other state-backed threat actors within China. Actors like APT 41 are acting to gain and retain access to critical systems and data that can be used to target institutions and key decision-makers in times of peace or during a geopolitical event. The latest attack could have been an attempt to gain access to some updated records or delete some information residing in the weakened server, or it could have been an attempt to exfiltrate data of interest residing on this server.

The writing is clearly on the wall. The second attack represents continued threat actor and adversarial state interest in key Indian institutions.

Check out: The Global OT and IoT Threat Landscape Assessment and Analysis Report 2023


Dissecting the cyber incident at All India Institute of Medical Sciences (AIIMS)


The news of the All India Institute of Medical Sciences (AIIMS) servers being breached is making headlines across India. While the full extent of the data that was compromised and the actors behind it are still unknown, we do have some clues on what this attack entails for the healthcare segment in India and beyond. Our threat research team has drawn the following inferences after studying the attack on AIIMS and its aftermath.

Disclaimer: these inferences are based on the data and the information we have gathered from published sources on the surface and dark web as of December 5th. Some inferences are subject to change based on new data made available. Since the breach is under investigation by CERT-In, the inferences drawn may be subject to change after the investigation report is made public.


The truth about cyberattacks on the healthcare sector in India


Cyberattacks on the healthcare sector in India are rising and there are many reasons for this. Right now, India is ranked 11th among the top 20 most targeted nations in the healthcare sector in the world.

The IoT and OT global threat landscape assessment report 2022

While the sector has attracted attention from APT actors globally, most attacks are still driven by unaffiliated or loosely affiliated actors who are after a ransom. Healthcare providers, insurers, and even small clinics and online pharma companies are being targeted to obtain information and to target providers and service users. Data criticality and the cost of systems force healthcare organizations to pay up the ransom just to get back on their feet.

While some data is floating around on the volume of attacks on this sector in India, we have not seen any data being shared on the actual attacks that were occurring. This is why we have put this post together: a) to help healthcare industry participants understand the nature of the evolving threat landscape in the country and b) to drive awareness of the urgent need to respond to the rising cyber threats and to prevent more attacks from occurring.

Here are the top trends and data on attacks on the healthcare sector in India:

Why is the healthcare sector being targeted in India?

There are many reasons for this. Here are a few:

With such a complex modus operandi, it comes as no surprise that Indian healthcare providers and victims are bleeding PII and more. Such information, once leaked, will return to haunt the victim and the provider.

